This bill aims to strengthen cybersecurity measures within Kansas state government by consolidating cybersecurity services under the chief information security officer (CISO) for each branch and removing expiration provisions that previously limited these measures. It amends several statutes and mandates that each CISO develop a cybersecurity program in line with the National Institute of Standards and Technology Cybersecurity Framework (CSF). Additionally, all employees, including justices, judges, and legislators, are required to complete annual cybersecurity awareness training, with access to state-issued hardware revoked for noncompliance.

Furthermore, the bill ensures that audit results from the United States Cybersecurity and Infrastructure Security Agency remain confidential and not subject to public disclosure. It establishes CISOs for both the judicial and legislative branches, who will oversee the implementation of cybersecurity protocols and conduct annual audits. The legislation also introduces a compliance mechanism where the director of the budget will evaluate adherence to the act, potentially imposing financial penalties for noncompliance. By removing the July 1, 2026 expiration date, the bill seeks to ensure the ongoing effectiveness of cybersecurity measures and enhance the overall security posture of Kansas state government operations.

Statutes affected:
As introduced: 40-110, 45-215, 75-413, 75-623, 75-710, 75-711, 75-7203, 75-7245, 75-7206a, 75-7208a, 76-711, 75-7246